Facebook Is Always Watching You

Amid heightened concerns surrounding Facebook’s new advertising platform, the social networking site has given users a new reason not to trust it: Researchers recently busted the company for tracking users activities on external sites, even after they logged out of Facebook.

"Facebook is retrieving enough information that they can tie what you do on external sites back to your Facebook profile," says Stefan Berteau, a research engineer with CA. "[The company] says it’s deleting the data it gathers after you’ve logged out, but that is not clearly spelled out in its privacy policy, and there isn’t a binding public commitment."

A Facebook spokesperson wasn’t immediately available to comment.

The discovery has come at a pretty rotten time for Facebook, which is still making amends with the public for its controversial ad platform called Beacon. The platform launched last month and immediately earned the ire of users because of a fairly objectionable feature: When Facebook members shopped on advertisers’ external sites, their friends were automatically notified of their purchases, often before they knew that the notifications were sent out. After fierce public outcry, Facebook modified the system last week so users now have to click "OK" before a notification is sent out to friends about a transaction.

While most web sites cannot track users after they log out, Facebook can gather extremely detailed profiles of users’
shopping habits based on data it gathers from its advertising partner sites. The company can also link individual user’s shopping habits to individual Facebook profiles, which typically contain detailed personal information.

In order to collect data from external sites, Facebook gives Beacon advertisers a piece of code that they run on specific web pages (such as order confirmations). The code is used to transmit data between the advertisers’ sites and Facebook’s servers. If a user clicks on the "Remember Me" box when logging in to Facebook, the cookies that are stored locally on his computer will also store data about his activities on Beacon advertisers’ sites.

Although this development may be somewhat alarming, it’s not entirely shocking. Many e-commerce sites and web advertisers have used cookies to track users online for years now. The threat could also be somewhat overstated: Facebook can only gather user data from advertisers who signed up to use Beacon (such as
Overstock.com and Epicurious.com); and Facebook cannot collect data on users if they are surfing external sites that are not part of Facebook’s advertising network.

UPDATE: Facebook has finally offered users the chance to turn off all Beacon notifications. Mark Zuckerberg, CEO of Facebook, also apologized: "Instead of acting quickly, we took too long to decide on the right solution. I’m not proud of the way we’ve handled this situation and I know we can do better."